DOM-Based Cross-Site Scripting in Supreme Modules Lite by WordPress
CVE-2024-4334
6.4MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 2 May 2024
What is CVE-2024-4334?
A vulnerability in the Supreme Modules Lite plugin, affecting Divi Theme and Extra Theme, allows authenticated attackers with contributor-level access to exploit the 'typing_cursor' parameter, leading to potential injection of arbitrary web scripts. This occurs due to insufficient input sanitization and output escaping in versions up to 2.5.3. When a user accesses an affected page, these scripts may execute, posing significant security risks.
Affected Version(s)
Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder * <= 2.5.3